On July 26, the Consumer Financial Protection Bureau (CFPB or Bureau) released the summer edition of its Supervisory Highlights report, providing a high-level overview of alleged unfair, deceptive, or abusive acts or practices (UDAAP) identified by the agency during examinations from July 1, 2022 to March 31, 2023. The findings included in the report cover examinations in the areas of auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday and small dollar lending, and remittances.
In the report and accompanying press release, the CFPB promotes the purported benefits of being supervised by the agency. The CFPB also announces that several nonbanks have voluntarily consented to the CFPB’s supervisory authority, while citing its April 25, 2022 warning that it would use its “dormant authority” to examine nonbanks who “pose risks to consumers.” This signals that the CFPB will leverage its dormant supervisory authority (discussed here) to pressure companies into “voluntarily” consenting to be supervised because, if the company does not consent, the CFPB will publish its finding that the company poses risks to consumers as part of the process of imposing its supervisory authority.
For the most part, the UDAAP examples in this edition of Supervisory Highlights fall into well-understood issues that the Bureau has commented on in the past. But the finding related to powerbooking in the indirect auto industry — addressed in the first bullet of the list below — is brand-new and represents the CFPB’s effort to impose an unprecedented (and in our view, not well supported) duty on auto finance companies to make adjustments to a principal balance based on the existence of a misrepresentation made by the dealer to the lender about the vehicle. The Bureau last did this in 2016 by announcing in Supervisory Highlights that auto finance companies should prohibit repossession agents from charging personal property storage and retrieval fees, and the Bureau followed that announcement with both supervisory activity and a consent order in 2020 on the same subject. This is a statement that the auto finance industry should pay close attention to.
Below is a list of what the CFPB considered the most significant compliance issues identified by examiners during their supervisory activities:
Auto Lending/Servicing:
- Examiners found that some dealers fraudulently documented options that were not actually present on the vehicle — sometimes called “powerbooking”. In the instances where these discrepancies were identified, servicers did not reduce the amount the consumers owed on the loan.
- This strikes us as a major, brand-new expectation from the CFPB related to powerbooking that has little legal basis and which could be very significant for auto finance companies.
- Examiners found that some institutions engaged in deceptive marketing when they used advertisements that pictured cars that were significantly larger, more expensive, and newer than the advertised loan offers related to.
- Examiners found that some servicers engaged in unfair acts or practices by suspending recurring automated clearing house (ACH) payments prior to consumers’ final payment without notifying the consumers that the final payment must be made manually, resulting in missed payments and late fees.
- Examiners found some servicers engaged in blanket cross-collateralization by accelerating and requiring payments from consumers on unrelated debts, such as credit cards, before consumers could reclaim their repossessed vehicles.
Debt Collection:
- Examiners found that some debt collectors continued collection attempts for work-related medical debt after receiving information that the debt was uncollectible under state worker’s compensation law.
- Examiners found some debt collectors advised consumers that if they paid the balance in full by a certain date any interest assessed on the debt would be reversed, but then failed to credit the consumers’ accounts for the accrued additional interest.
Payday Lending:
- Examiners found that some payday lenders engaged in abusive and deceptive acts or practices by including language in loan agreements purporting to prohibit consumers from revoking their consent for the lender to call, text, or e-mail them.
- Examiners found that some institutions made false collection threats related to litigation, garnishment, and late fees.
- Examiners found that, with respect to consumers who signed voluntary wage deduction agreements, certain lenders sent demand notices to their employers incorrectly conveying that the employer was required to remit the full amount of the consumer’s loan balance when, in fact, the consumer had agreed to permit the lenders only to seek a wage deduction in the amount of the individual scheduled payment due.
- Examiners found that some installment lenders failed to confirm that several thousand borrowers were not covered borrowers under the Military Lending Act (MLA), and thus originated loans at rates and terms impermissible under the MLA.
- Examiners found that some lenders misrepresented to borrowers the impact that payment or nonpayment of debts in collection may have on the borrower’s credit reports.
- This finding hearkens back to Bulletin 2013-08, where the Bureau asserted that such statements would be viewed as UDAAP violations.
Fair Lending:
- Examiners found that some mortgage lenders violated the Equal Credit Opportunity Act (ECOA) and its implementing regulation, Regulation B, by discriminating in granting pricing exceptions across a range of ECOA-protected characteristics, including race, national origin, sex, or age.
- The CFPB reviewed lending restrictions in underwriting policies and procedures at several lenders to evaluate fair lending risks and to assess compliance with ECOA and Regulation B specifically relating to how those lenders handled the treatment of applicants’ criminal records and whether the lenders properly treated income derived from public assistance.
- Examiners found that criminal records prompted enhanced or second-level underwriting review, but policies and procedures at several institutions did not provide sufficient detail regarding how that review should be conducted, creating fair lending risk around the use of discretion.
- Examiners also identified lenders whose underwriting policies and procedures improperly excluded income derived from certain public assistance programs or imposed stricter standards on income derived from public assistance programs.
Mortgage Servicing:
- Examiners found that some servicers violated Regulation X by failing to evaluate loss mitigation applications within 30 days of receipt. Relatedly, some examiners found that servicers engaged in deceptive acts or practices when they informed consumers that they would evaluate their complete loss mitigation applications within 30 days, but then moved toward foreclosure without completing the evaluations.
- Examiners found that some servicers violated Regulation X by failing to include required loss mitigation language on Spanish language application acknowledgment notices.
- Examiners found that some servicers treated payments received by the transferor servicer during the 60-day period, but not transmitted by the transferor to the transferee until after the 60-day period, as late in violation of Regulation X. Relatedly, examiners found that some servicers violated Regulation X when they failed to maintain policies and procedures reasonably designed to achieve the objective of facilitating transfer of information during servicing transfers.
Information Technology:
- Examiners found that some institutions engaged in unfair acts or practices by failing to implement adequate information technology security controls that could have prevented or mitigated cyberattacks. Specifically, according to the CFPB, the institutions’ password management policies for certain online accounts were weak, the entities failed to establish adequate controls in connection with log-in attempts, and the entities did not adequately implement multi-factor authentication or a reasonable equivalent for consumer accounts.